Cyber Resilience

CVE-2026-5373

High

Published: 07 April 2026

Modified: 21 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: fixed in runZero Platform 4.0.260202.0
CVSS v3.1: 8.1 (High), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.0022 (12.4th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-5373 is a high-severity Improper Privilege Management (CWE-269) vulnerability in the runZero Platform (vendor: runZero). Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 12.4th percentile by exploit likelihood (score 0.0022, below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-5373 is an improper privilege management vulnerability (CWE-269) in the runZero Platform. It enabled all-organization administrators to promote accounts to superuser status. The issue carries a CVSS v3.1 base score of 8.1 (High), with the vector AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N, and was published on 2026-04-07. The vulnerability was fixed in runZero Platform version 4.0.260202.0.

Exploitation requires high privileges, specifically an existing all-organization administrator account, and can be performed over the network with low attack complexity, but it requires user interaction (UI:R). Successful exploitation promotes accounts to superuser status, a high-impact confidentiality and integrity violation with changed scope: the attacker moves from organization-level administration to platform-wide control. The practical exposure is therefore an insider or an already-compromised all-organization administrator account rather than an unauthenticated remote attacker; the High score measures the blast radius once that prerequisite is met.
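The flaw class described above, as an added illustration that is not runZero's code: a minimal role-promotion handler in the vulnerable shape (any all-organization administrator may assign any role, superuser included) beside a hardened version that enforces the rule a least-privilege design needs, namely that an actor may grant at most their own privilege level, so superuser can only be conferred by an existing superuser. The role names, the `Account` type and the `promote_*` functions are assumptions for the example, not runZero's data model.

```python
from dataclasses import dataclass
from enum import IntEnum


class Role(IntEnum):
    """Ordered privilege levels for the example (assumed model, not runZero's role names)."""
    USER = 1
    ORG_ADMIN = 2       # administrator of one organization
    ALL_ORG_ADMIN = 3   # administrator across all organizations
    SUPERUSER = 4       # platform-wide root; the role the flaw let admins hand out


@dataclass
class Account:
    name: str
    role: Role


class PermissionDenied(Exception):
    pass


def promote_vulnerable(actor: Account, target: Account, new_role: Role) -> Account:
    """Vulnerable shape (CWE-269): the only check is 'is the actor an administrator?'.
    The requested role is never compared with the actor's own level, so an all-org
    admin can assign SUPERUSER to any account, including their own."""
    if actor.role < Role.ALL_ORG_ADMIN:
        raise PermissionDenied(f"{actor.name} is not an administrator")
    target.role = new_role
    return target


def promote_hardened(actor: Account, target: Account, new_role: Role) -> Account:
    """Hardened shape: an actor may grant at most their own level, so SUPERUSER can
    only be granted by an existing superuser. Denied requests raise and change nothing."""
    if actor.role < Role.ALL_ORG_ADMIN:
        raise PermissionDenied(f"{actor.name} is not an administrator")
    if new_role > actor.role:
        raise PermissionDenied(
            f"{actor.name} ({actor.role.name}) may not grant {new_role.name}"
        )
    target.role = new_role
    return target


def self_promotion_outcome(handler) -> Role:
    """Drive a handler with the scenario from the advisory: an all-organization
    administrator tries to promote their own account to superuser. Returns the
    account's role afterwards (SUPERUSER if the escalation succeeded)."""
    mallory = Account("mallory", Role.ALL_ORG_ADMIN)
    try:
        handler(mallory, mallory, Role.SUPERUSER)
    except PermissionDenied:
        pass
    return mallory.role


if __name__ == "__main__":
    print("vulnerable:", self_promotion_outcome(promote_vulnerable).name)  # SUPERUSER
    print("hardened:  ", self_promotion_outcome(promote_hardened).name)    # ALL_ORG_ADMIN
```

The hardened check is deliberately a comparison against the actor's own level rather than a special case for superuser: that closes the whole class (an org admin minting all-org admins, for instance), not just the one promotion path the advisory names.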

runZero's advisories and release notes detail the fix in version 4.0.260202.0. Additional information is available in the release notes at https://help.runzero.com/docs/release-notes/#402602020 and the dedicated advisory at https://www.runzero.com/advisories/runzero-platform-su-privesc-cve-2026-5373/.

Vulnerability details

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.

CWE(s)

CWE-269: Improper Privilege Management

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The improper privilege management vulnerability directly enables vertical privilege escalation from all-organization administrator to superuser status via network-accessible account promotion.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23896 (shared CWE-269)
CVE-2025-27639 (shared CWE-269)
CVE-2025-8899 (shared CWE-269)
CVE-2025-26705 (shared CWE-269)
CVE-2015-10139 (shared CWE-269)
CVE-2026-8972 (shared CWE-269)
CVE-2025-0893 (shared CWE-269)
CVE-2026-6769 (shared CWE-269)
CVE-2025-2858 (shared CWE-269)
CVE-2025-48613 (shared CWE-269)

Affected Assets

runZero
runZero Platform
versions before 4.0.260202.0 (the fix ships in 4.0.260202.0, so that build is not affected)

Mitigating Controls (NIST 800-53 r5)

AC-6 Least Privilege (prevent)

Directly counters CWE-269 improper privilege management by enforcing least privilege, preventing all-organization administrators from promoting accounts to superuser status they have no need for.

AC-2 Account Management (prevent)

Manages account privileges and periodic reviews so that roles are assigned deliberately and unauthorized escalations to superuser by high-privileged administrators are caught.

SI-2 Flaw Remediation (prevent, recover)

Remediates the specific privilege escalation flaw, fixed in runZero Platform version 4.0.260202.0, through flaw identification and timely patching.
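Two checks a practitioner would run for the controls above, as an added Python example that is not runZero's tooling: a version test that says whether an installed runZero Platform build predates the fix (the dotted numeric form 4.0.260202.0 is taken from the page; treating it as a plain numeric tuple is an assumption), and a review of a constructed audit-log sample that flags any grant of superuser performed by an actor who was not a superuser (the AC-6 violation) and then enumerates who holds superuser for an AC-2 review. The event format, field names and starting roles are constructed for the example.

```python
import json

# Fix version stated in the advisory; earlier builds carry the flaw.
FIXED_VERSION = "4.0.260202.0"


def parse_version(version: str) -> tuple:
    """Split a dotted numeric version into a comparable tuple (assumes every part is an
    integer, which holds for the 4.0.260202.0 form the advisory uses)."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str) -> bool:
    """True when the installed runZero Platform version predates the fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed audit events for the example; not real runZero logs, field names are assumed.
# Event 2 is the CVE-2026-5373 pattern: an all-org admin grants superuser to an account
# (their own). Event 3 shows why it matters: the new superuser then mints another one.
SAMPLE_EVENTS = [
    '{"ts":"2026-04-08T10:01:00Z","action":"user.role.update","actor":"alice","actor_role":"superuser","target":"bob","old_role":"user","new_role":"org_admin"}',
    '{"ts":"2026-04-08T10:05:00Z","action":"user.role.update","actor":"mallory","actor_role":"all_org_admin","target":"mallory","old_role":"all_org_admin","new_role":"superuser"}',
    '{"ts":"2026-04-08T10:06:00Z","action":"user.role.update","actor":"mallory","actor_role":"superuser","target":"eve","old_role":"user","new_role":"superuser"}',
    '{"ts":"2026-04-08T10:07:00Z","action":"user.login","actor":"alice","actor_role":"superuser","target":"alice"}',
]

# Roles as they stood before the sample window (constructed).
INITIAL_ROLES = {"alice": "superuser", "bob": "user", "eve": "user", "mallory": "all_org_admin"}


def find_unauthorized_superuser_grants(lines):
    """AC-6 detection: superuser must only be granted by a superuser. Flags every role
    update to superuser whose actor did not hold superuser at the time of the event."""
    findings = []
    for line in lines:
        event = json.loads(line)
        if event.get("action") != "user.role.update":
            continue
        if event.get("new_role") == "superuser" and event.get("actor_role") != "superuser":
            findings.append(event)
    return findings


def current_superusers(lines, initial_roles):
    """Replay role updates in order on top of the known starting roles and return
    who holds superuser at the end of the window."""
    roles = dict(initial_roles)
    for line in lines:
        event = json.loads(line)
        if event.get("action") == "user.role.update":
            roles[event["target"]] = event["new_role"]
    return sorted(user for user, role in roles.items() if role == "superuser")


def unapproved_superusers(lines, initial_roles, approved):
    """AC-2 review: superusers not on the approved list need an owner, a ticket, or removal."""
    return sorted(set(current_superusers(lines, initial_roles)) - set(approved))


if __name__ == "__main__":
    print("4.0.260101.0 affected:", is_affected("4.0.260101.0"))
    for event in find_unauthorized_superuser_grants(SAMPLE_EVENTS):
        print("ALERT unauthorized superuser grant:", event["actor"], "->", event["target"], "at", event["ts"])
    print("unapproved superusers:", unapproved_superusers(SAMPLE_EVENTS, INITIAL_ROLES, ["alice"]))
```

Note the limit of the detector on its own: event 3 is not flagged, because by then the log truthfully records mallory as a superuser. That is why the AC-2 review step is kept separate: it compares the end state of the role table against an approved list maintained outside the platform, so an escalation that slipped past the first check still surfaces as two unapproved superusers.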

References

runZero release notes for 4.0.260202.0: https://help.runzero.com/docs/release-notes/#402602020
runZero advisory for CVE-2026-5373: https://www.runzero.com/advisories/runzero-platform-su-privesc-cve-2026-5373/